CVE-2018-12010

HIGH

Android - Out-of-bounds Write in TrustZone Memory

Title source: llm
STIX 2.1

Description

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region.

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0014
EPSS Percentile 3.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
google/android
Published Feb 11, 2019
Tracked Since Feb 18, 2026